[keycloak-user] Keycloak and registration workflow for REST API platform

Christina Lau christinalau28 at icloud.com
Wed Jul 9 08:46:41 EDT 2014


Hello Stian, here is what I am trying to do:

1. Create a self-service registration application; all users will use this application to register with their own email or Twitter/Facebook/Google account email. I will imagine I use the Keycloak login and use CSS to customize it to integrate with my own application.

2. The user will be issued a key/access token; this key will be used later to authorize the REST calls.

Now I want to support 3 kinds of authorization for the different REST calls:

1. API key only - for calls that just need to establish identity, but don't need to authenticate or authorize.
2. Authentication for more sensitive calls where I want to delegate authorization to a trusted location (i.e. keycloak)
3. Authorization for certain services where only authorized partners can invoke.

Can you outline how I can implement this in Keycloak, especially what part I have to implement myself? I plan to use RESTEasy to implement RESTful services, but I need to make sure the RESTful services can be called by all clients (i.e. support popular OAuth libraries). Thanks…

Christina

On Jul 9, 2014, at 4:15 AM, Stian Thorgersen <stian at redhat.com> wrote:

> To answer your question properly I'd need more details about what you're trying to achieve.
> 
> It does sound like we pretty much already have what you need, with the exception of letting users themselves create clients. Depending on your use case it may be a good idea to have a single realm (and share users) between all developers/applications, or it may be better to have a realm per developer/application.
> 
> For the latter we do have a role that lets users create new realms, but not use any other realms. This could be used to let a developer register with your platform and then be able to login to the admin console to create clients, users, or whatever they want. For the first we have discussed in the past, but do not support it yet, the ability to let users register clients through the account management console.
> 
> ----- Original Message -----
>> From: "Christina Lau" <christinalau28 at icloud.com>
>> To: keycloak-user at lists.jboss.org
>> Sent: Tuesday, 8 July, 2014 4:34:57 PM
>> Subject: [keycloak-user] Keycloak and registration workflow for REST API platform
>> 
>> I am wondering if I can use Keycloak to implement the registration
>> workflow for a REST API platform, similar to Twitter
>> (https://apps.twitter.com/) or LinkedIn
>> (https://developer.linkedin.com/rest).
>> 
>> I found some features like social login very applicable. However I am not
>> quite sure how I will model this in Keycloak. For example, will I have 1
>> realm per user and each user that registers will have their own oauth client
>> for their third party appl(s) that I need to grant access to similar to the
>> Tutorial 3 demo?
>> 
>> If this is feasible to implement, can you outline the steps involved in this
>> use case. I am thinking I will need to build a lot of it using the REST APIs
>> you provided. Thanks in advance for any help.
>> 
>> Christina